CVE-2026-16075 in AstrBot
Summary
by MITRE • 07/18/2026
A flaw has been found in AstrBotDevs AstrBot up to 4.25.5. This vulnerability affects the function OpenApiRoute.get_chat_sessions of the file astrbot/dashboard/routes/open_api.py of the component session-listing Endpoint. This manipulation of the argument Username causes authorization bypass. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/18/2026
The vulnerability identified in AstrBotDevs AstrBot version 4.25.5 represents a critical authorization bypass flaw within the session-listing endpoint functionality. This issue resides in the OpenApiRoute.get_chat_sessions function located in astrbot/dashboard/routes/open_api.py, where improper handling of the Username argument creates a pathway for unauthorized access to chat session data. The flaw demonstrates a fundamental weakness in the application's access control mechanisms that allows attackers to manipulate the username parameter to gain access to sessions they should not be authorized to view.
The technical implementation of this vulnerability stems from inadequate input validation and authentication checks within the session listing endpoint. When an attacker supplies a manipulated Username argument to the OpenApiRoute.get_chat_sessions function, the system fails to properly verify whether the requesting user has legitimate authorization to access the specified session data. This represents a classic case of insufficient authorization checks that aligns with CWE-285, which addresses improper authorization within software systems. The vulnerability operates at the application layer and can be exploited through remote network access, making it particularly dangerous as it does not require physical access or local system compromise.
The operational impact of this authorization bypass vulnerability is significant across multiple security domains. Attackers can potentially access confidential chat sessions belonging to other users, compromising the privacy and security of communications within the AstrBot ecosystem. This breach affects data integrity and confidentiality principles, as unauthorized parties gain access to private conversations and session information that should remain restricted to authorized personnel only. The vulnerability's remote exploitability means it can be leveraged from any location with network connectivity to the affected system, amplifying its potential impact.
The published exploit for this vulnerability demonstrates that threat actors have already developed working tools to leverage this authorization bypass for malicious purposes. This represents a mature exploitation scenario where the vulnerability has progressed beyond theoretical risk to actual threat landscape presence. Security practitioners should consider this flaw as part of the ATT&CK framework's privilege escalation techniques, specifically noting how it enables unauthorized access to sensitive data through manipulated API endpoints. The vendor's lack of response to early disclosure attempts compounds the security risk, leaving users without official patches or mitigations while the vulnerability remains publicly known.
Mitigation strategies should include immediate implementation of proper input validation for all username parameters within the OpenApiRoute.get_chat_sessions function, along with robust session authorization checks that verify user credentials against the requested session data. Organizations running AstrBot versions up to 4.25.5 should implement network-level restrictions and monitoring for unusual API access patterns related to session listing endpoints. Additionally, the implementation of proper authentication tokens and rate limiting mechanisms can help prevent abuse of this vulnerability while awaiting official vendor patches. Security teams should also consider conducting comprehensive audits of all API endpoints to identify similar authorization bypass vulnerabilities that may exist in other parts of the application's functionality.